CVE-2020-36966

Name of the Vulnerable Software and Affected Versions Dolibarr version 11.0.3

Description Dolibarr 11.0.3 contains a persistent cross-site scripting issue in LDAP synchronization settings. Attackers can inject malicious scripts through multiple parameters. The /dolibarr/admin/ldap.php endpoint is affected, specifically the host, slave, and port parameters. Exploitation allows attackers to execute arbitrary JavaScript and potentially steal user cookie information.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /dolibarr/admin/ldap.php endpoint to minimize the risk of exploitation.